Luke Taylor
66e586ec67
Added Id keyword.
2008-12-20 15:41:51 +00:00
Luke Taylor
cc5966bc7e
Tidying up, removing compiler warnings etc.
2008-12-20 00:16:49 +00:00
Luke Taylor
8154161ef5
SEC-1035: Updated build to use Spring 3.0.0.M1 Release
2008-12-18 02:37:00 +00:00
Luke Taylor
8f598e9b11
SEC-1052: Add support for the namespace option 'disable-url-rewriting'.
2008-12-17 01:28:29 +00:00
Luke Taylor
171456a26c
SEC-1018: Changes to allow external reference to SaltSource bean from the namespace.
2008-12-17 01:11:43 +00:00
Luke Taylor
00125cddee
SEC-1016: Moved the MapBasedDefinitionSource to the top of the list of delegates (before expressions), but changed the code to only add it if there are pointcuts defined, so there should be no unnecessary overhead.
2008-12-17 00:48:32 +00:00
Luke Taylor
585e5f393a
Added warning suppression for deprecation.
2008-12-17 00:32:21 +00:00
Luke Taylor
d8b5f770e9
Added warning suppression for deprecation.
2008-12-17 00:31:17 +00:00
Luke Taylor
db5f1e69f1
SEC-949: Added the option of specifying -1 as the token-validity-seconds value in order to set the cookie maxAge to expire when the browser closes.
2008-12-17 00:14:48 +00:00
Luke Taylor
c2e688610c
SEC-1011: Introduced methods for extracting the remember-me cookie and for creating the returned token.
2008-12-16 23:25:44 +00:00
Luke Taylor
998f0b3ea1
SEC-993: Updated retrievePassword method to return null if an Authentication object with null credentials is presented (e.g. with OpenID). Prevents NPE when toString() is called.
2008-12-16 20:35:18 +00:00
Luke Taylor
d0fcbd9baf
Tidying up Javadoc.
2008-12-16 20:29:53 +00:00
Luke Taylor
a1bd48733a
Minor Javadoc correction.
2008-12-16 20:16:56 +00:00
Luke Taylor
74fd5fe8a4
Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.
2008-12-16 18:55:38 +00:00
Luke Taylor
b24cc17dea
SEC-1052: Added "disableUrlRewriting" parameter to HttpSessionSecurityContextRepository.
2008-12-16 17:35:34 +00:00
Luke Taylor
bf409b5b25
Improvements to Javadoc.
2008-12-16 02:06:26 +00:00
Luke Taylor
f54d7ee6bc
SEC-535: Added "postOnly" flag to AuthenticationProcessingFilter, defaulting to "true" so that only POST requests are allowed by default.
2008-12-15 23:58:40 +00:00
Luke Taylor
898ef36d02
SEC-959: Converted SwitchUserFilter to use new Authentication success and failure strategies from SEC-745 for managing redirects.
2008-12-15 19:50:53 +00:00
Luke Taylor
c3181d9db0
SEC-1063: Moved the justUseSavedRequestOnGet property to ExceptionTranslationFilter. If set, it will not store the SavedRequest for unless the request is a GET.
2008-12-15 02:48:32 +00:00
Luke Taylor
40ccd3be11
SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.
2008-12-15 01:25:12 +00:00
Luke Taylor
fcc68e636e
SEC-1062: Added authentication-success-handler-ref and authentication-failure-handler-ref to the namespace definition.
2008-12-15 00:56:17 +00:00
Luke Taylor
a0bcf7184c
SEC-1061: Renamed serverSideRedirect property.
2008-12-14 23:56:30 +00:00
Luke Taylor
cf3cac90ad
SEC-1058, SEC-745: Updating comments
2008-12-14 23:53:44 +00:00
Luke Taylor
3f38035057
SEC-1058: Renamed "forwardToDestination" to "useForward" for simplicity and consistency with the namespace.
2008-12-14 22:53:31 +00:00
Luke Taylor
2927b8464f
SEC-1058: Substantial refactoring of AbstractProcessingFilter to use AuthenticationFailureHandler strategy. Also changed attemptAuthentication method to take a response object and have the option of returning null, to allow OpenIDAuthenticationProcessingFilter to work without having to throw exceptions between the template methods (which made the logic very hard to follow). The OpenID filter now redirects to the OpenID provider service from this method, rather than treating it as a temporary failure and throwing OpenIDAuthenticationRequiredException.
2008-12-14 22:20:21 +00:00
Luke Taylor
839279161d
SEC-745: Added concrete failure handling strategies.
2008-12-13 23:34:15 +00:00
Luke Taylor
6664f57ff6
SEC-992: Removed the line setting returningObj to false.
2008-12-12 23:22:26 +00:00
Luke Taylor
10e4d1fe1a
SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver.
2008-12-12 22:30:57 +00:00
Luke Taylor
615194710e
SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.
2008-12-12 17:25:09 +00:00
Luke Taylor
48dce501ce
SEC-942: Added createEmptyContext() method to SecurityContextHolderStrategy and SecurityContextHolder to encapsulate the context implemetentation in one place. HttpSessionSecurityContextRepository calls this method when it needs a new context to store in the session.
2008-12-12 14:27:23 +00:00
Luke Taylor
aec23749d7
SEC-1056: Remove deprecated FilterToBeanProxy: It's gone
2008-12-12 13:04:37 +00:00
Luke Taylor
3fcc7b5403
SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes
2008-12-12 12:47:42 +00:00
Luke Taylor
a443e55832
SEC-1057: Refactored TargetUrlResolver to remove SavedRequest from determineTargetUrl method.
2008-12-11 17:00:13 +00:00
Luke Taylor
093365b2f4
Removed unnecessary cast.
2008-12-11 16:42:25 +00:00
Luke Taylor
30f9b3e72c
SEC-995: AbstractSecurityInterceptor exception message improvement. Added the secured object to the exception message to make it easier to track down the originating method which causes a problem with public invocations.
2008-12-10 16:57:40 +00:00
Luke Taylor
3f40604b82
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.
2008-12-10 13:48:25 +00:00
Luke Taylor
acfcac4594
SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage
...
Applied supplied patch which checks the committed flag before forwarding to the error page.
2008-12-10 12:36:59 +00:00
Luke Taylor
7fe6a0fc0d
SEC-1033: Added support for web IP ranges based on an address and netmask.
2008-12-09 23:14:44 +00:00
Luke Taylor
7767a9ed60
SEC-1033: Add basic equality support for hasIpAddress() expression.
2008-12-09 18:04:08 +00:00
Luke Taylor
3da68a7a82
Java5 stuff
2008-12-09 18:02:58 +00:00
Luke Taylor
046456c142
Removed unused constants.
2008-12-09 14:33:31 +00:00
Luke Taylor
3e8de229be
Java5 updates.
2008-12-09 14:30:37 +00:00
Luke Taylor
98422b69a8
Java5 updates.
2008-12-09 14:27:31 +00:00
Luke Taylor
c2ac125719
Tidying up.
2008-12-08 21:55:33 +00:00
Luke Taylor
a2ef10e65f
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.
2008-12-08 21:54:47 +00:00
Luke Taylor
6b4045667a
SEC-1033: Completed working version of web expression support.
...
SEC-999: Added getExpressionParser() method to the security handler interface to allow both web and method expression security to obtain a suitable parser from the configuration for parsing their expression attributes.
2008-12-08 01:01:14 +00:00
Luke Taylor
fd3990c1f8
SEC-1033: Refactored DefaultFilterInvocationDefinitionSource to remove legacy methods and make it immutable.
2008-12-07 22:46:36 +00:00
Luke Taylor
bed00e10f5
Reduced visibility of attribute names in HttpSecurityBDP.
2008-12-07 13:46:09 +00:00
Luke Taylor
9bb64d1974
Removed out of date javadoc reference to SecurityEnforcementFilter.
2008-12-06 17:56:24 +00:00
Luke Taylor
7265a70f0a
SEC-1012: Java5 - use of vararg methods.
2008-12-06 17:33:19 +00:00
Luke Taylor
c3d216e7bb
SEC-1012: Minor improvements to SecurityContextHolderAwareRequestFilter and conversion to use jmock for test.
2008-12-06 17:31:53 +00:00
Luke Taylor
953a4ab9ea
SEC-1036: Removed deprecated class and unnecessary mock.
2008-12-05 22:30:26 +00:00
Luke Taylor
6293541b73
SEC-1036: Updated DefaultSpringSecurityContextSource to enable pooling for "manager" users by default but not when binding directly as a user.
2008-12-05 22:04:51 +00:00
Luke Taylor
bc6878c1c5
SEC-1044: Removed remember-me functionality from http auto-config namespace configuration. Added explicit <remember-me> elements to contacts and tutorial sample configurations.
2008-12-05 16:36:43 +00:00
Luke Taylor
58c237fa74
SEC-1015: Removed final packages/directories for old acl code.
2008-12-05 16:07:40 +00:00
Luke Taylor
38f466dcfc
SEC-1039: Refactored post-request session-creation logic into separate method. Some comment improvements.
2008-12-05 15:51:29 +00:00
Luke Taylor
48874d69a7
SEC-1039: Made sure "old" security context session key points to new one so they always match.
2008-12-05 14:54:01 +00:00
Luke Taylor
fd7fc0c8a5
SEC-1039: Corrected reference to security context key to match new value.
2008-12-05 14:52:52 +00:00
Luke Taylor
c5e1fd77ec
SEC-1045: Added testsfor use of external context storage strategy through the namespace
2008-12-04 14:25:55 +00:00
Luke Taylor
7dfbcf2ddf
SEC-990: Clarify the semantics of the ConsensusBased ADM. Added the suggested patch to the Javadoc for this class.
2008-12-04 13:32:35 +00:00
Luke Taylor
ffc8637def
Tidying up.
2008-12-03 11:02:56 +00:00
Luke Taylor
8587d4c635
Switch to non-deprecated methods.
2008-12-03 10:21:27 +00:00
Luke Taylor
3e2930d785
SEC-1045: Added security-context-repository-ref attribute to <http>
2008-12-02 16:14:03 +00:00
Luke Taylor
f2969392a6
SEC-1043: Improved Javadoc for LdapAuthenticationProvider user details mapping methods.
2008-12-02 14:32:44 +00:00
Luke Taylor
9ab69ddcaf
Converted to use jmock.
2008-12-02 13:58:20 +00:00
Luke Taylor
72eee6f1ca
Removing unused mock classes.
2008-12-02 13:07:06 +00:00
Luke Taylor
fba57bdf5b
Removed unused MockAccessDecisionManager class
2008-12-02 12:56:04 +00:00
Luke Taylor
283b932fe0
Minor tidying up.
2008-12-02 12:53:48 +00:00
Luke Taylor
f3387cd879
2008-12-02 12:49:13 +00:00
Luke Taylor
a09b15ce5f
Added tests for AuthenticationDetailsSourceImpl (and AuthenticationDetails).
2008-12-01 15:50:31 +00:00
Luke Taylor
8283074097
Tidying.
2008-12-01 15:49:35 +00:00
Luke Taylor
e3dd12021b
Added extra calls to exercise CachingUserDetailsService
2008-12-01 15:49:13 +00:00
Luke Taylor
a2f7b7e4f1
Added optional args argument to constructor.
2008-12-01 14:29:58 +00:00
Luke Taylor
3fe112f769
Added tests for AbstractAclVoter.
2008-12-01 14:28:24 +00:00
Luke Taylor
e864dfa796
SEC-1039: Converted HttpBeanDefinitionParser to use new context persistence filter instead of HttpSessionContextIntegrationFilter
2008-12-01 12:37:31 +00:00
Luke Taylor
08ea70909d
Fixed broken test due to missing context file.
2008-12-01 00:36:13 +00:00
Luke Taylor
a318aacc4f
Converted MethodSecurityInterceptorTests to use mocks and deleted app context file.
2008-11-30 23:20:16 +00:00
Luke Taylor
bfd4bcfdb7
SEC-1012: Java5ing of RunAsUserToken constructor.
2008-11-30 23:16:39 +00:00
Luke Taylor
b25d6958d7
SEC-1036: Removed references to SpringSecurityContextSource
2008-11-29 12:15:51 +00:00
Luke Taylor
66897e1849
SEC-1036: Upgraded Spring LDAP to 1.3 and made corresponding code changes. Also some general tidying up of LDAP code. Removed deprecated context factory classes.
2008-11-28 22:22:51 +00:00
Luke Taylor
1918c50fd7
SEC-1039: Deprecated HttpSessionContextIntegrationFilter and made it extend SecurityContextPersistenceFilter.
2008-11-28 18:01:34 +00:00
Luke Taylor
8cfd515b27
SEC-988: Added Javadoc for UserDetailsChecker interface.
2008-11-27 21:21:25 +00:00
Luke Taylor
d508adbf8b
SEC-1037: Made LdapAuthenticationProvider implement MessageSourceAware.
2008-11-27 21:12:43 +00:00
Luke Taylor
843d0e6910
SEC-985: Added hideUsernameNotFoundException property to LdapAuthenticationProvider and set default to true.
2008-11-27 21:08:01 +00:00
Luke Taylor
4d81d750cd
SEC-1039: Created new filter SecurityContextPersistenceFilter and SecurityContextRepository strategy to replace HttpSessionContextIntegrationFilter functionality.
2008-11-27 20:18:54 +00:00
Luke Taylor
789be71d8c
SEC-398: Rolled back addition of erroneous test method for this issue (the fix was incorrect and the test method does nothing useful).
2008-11-27 10:41:08 +00:00
Luke Taylor
2dfd006665
SEC-1012: Converted Groupsmanager to use List<String>
2008-11-26 11:17:15 +00:00
Luke Taylor
1f78974073
Improved javadoc and debug message relating to clearing of security context.
2008-11-26 10:35:06 +00:00
Luke Taylor
dca0505d23
SEC-1012: generification
2008-11-21 12:39:30 +00:00
Luke Taylor
05e753de61
Converted to use jmock for mocks.
2008-11-21 12:26:56 +00:00
Luke Taylor
6b24637fbc
Further SavedRequestWrapper related tests and tidying up.
2008-11-21 12:17:43 +00:00
Luke Taylor
1cf59b249a
Added test class for DefaultLoginPageGeneratingFilter.
2008-11-16 05:07:33 +00:00
Luke Taylor
13caa48a24
Added clearContext() in @After. Test was leaving a TestingAuthenticationToken in the context.
2008-11-16 00:09:35 +00:00
Luke Taylor
18e74e7d3f
Import cleaning.
2008-11-16 00:03:42 +00:00
Luke Taylor
22cca49d4a
Added clearContext() call in @Before method. Test class appears to be failing on the build server because of a left over security context from a previous test
2008-11-16 00:03:01 +00:00
Luke Taylor
67c06d3d52
SEC-1012: Adding generics and general tidying up of tests etc
2008-11-15 13:00:38 +00:00
Luke Taylor
a535c5bd05
Removed unused imports.
2008-11-15 11:09:40 +00:00
Luke Taylor
9dc50bce82
SEC-1013: Removed ConfigAttributeDefinition
2008-11-15 10:55:23 +00:00
Luke Taylor
e259fe43a9
SEC-1034: Removed classes for converting a FilterInvocationDefinitionSource to a map for use in FilterChainProxy
2008-11-15 10:26:35 +00:00
Luke Taylor
31375b7212
SEC-1012: Futher generification. Also changed method signature of ObjectDefinitionSource.getAllConfigAtributes to return a single collection
2008-11-15 09:35:11 +00:00
Luke Taylor
5c1f4e60e3
Tidying stuff
2008-11-14 07:16:49 +00:00
Luke Taylor
3261fcb174
Tidying stuff
2008-11-14 07:16:30 +00:00
Luke Taylor
fa630a430d
Removed unused test files
2008-11-14 06:23:34 +00:00
Luke Taylor
3ce5ea7710
Add missing @Test attributes
2008-11-14 06:22:43 +00:00
Luke Taylor
df26b2447c
SEC-1035: Switch to using spring-el from the Spring 3 build
2008-11-14 06:21:24 +00:00
Luke Taylor
bd9b199599
Import cleaning.
2008-11-14 00:28:54 +00:00
Luke Taylor
648ba1c43a
SEC-1034: Fix broken tests.
2008-11-13 08:57:43 +00:00
Luke Taylor
ae05e74085
Replace use of deprecated Spring methods (addConstructorArg) with non-deprecated versions.
2008-11-13 08:56:59 +00:00
Luke Taylor
7a8bd8a673
SEC-1034: Removed FilterInvocationDefinitionSourceEditor.
2008-11-13 07:46:21 +00:00
Luke Taylor
464da0f0df
SEC-999: Refactored namespace to take an expression handler instead of a permission evaluator, allowig fo greater cusomtomization and for a single handler to be used in both web and method security expressions.
2008-11-13 07:41:21 +00:00
Luke Taylor
ee13be47b7
Call setAuthenticated() in constructor with authorities to mimic behaviour of UsernamePasswordAuthenticationToken
2008-11-13 07:29:43 +00:00
Luke Taylor
3ef34122fc
Converted to using JMock.
2008-11-13 06:50:55 +00:00
Luke Taylor
e18971fdf0
Fix test. BasicProcessingFilter doesn't work with TestingAuthenticationToken.
2008-11-13 06:30:39 +00:00
Luke Taylor
3acd515c6c
SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions.
2008-11-12 04:07:56 +00:00
Luke Taylor
0bbab88504
SEC-1031: LdapShaPasswordEncoder.isPasswordValid startOfHash off by one
...
http://jira.springframework.org/browse/SEC-1031 . Fixed startOfHash value and added tests to check full length of password is used.
2008-11-11 23:34:40 +00:00
Luke Taylor
0ba690fb0e
SEC-1015: Removed acl package from core and also related taglib declaration and implementation class (AclTag).
2008-11-11 09:21:51 +00:00
Luke Taylor
e5b1073501
SEC-1012: Added more generics and warning suppression
2008-11-11 09:06:50 +00:00
Luke Taylor
be34724207
Matchers for use with JMock expectations
2008-11-11 08:43:17 +00:00
Luke Taylor
62986c700b
SEC-1027: Removed bnd plugin and 'bundle' package types from pom.xml files
2008-11-11 01:09:37 +00:00
Luke Taylor
e11114ce77
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 .
hasPermission() now delegates to a PermissionEvaluator interface, with a default implementation provided by the Acl module. The contacts sample now uses expressions on the ContactManager interface. The permission-evaluator element on global-method-security can be used to set the instance to an AclPermissionEvaluator. If not set, all hasPermission() expressions will evaluate to 'false'.
2008-11-10 04:27:25 +00:00
Luke Taylor
d6bb6ccbf5
Removed .cvsignore files
2008-11-06 01:11:08 +00:00
Luke Taylor
d33b13e52e
SEC-1023: Added support for hasPermission() based on Id and type
2008-11-05 22:44:46 +00:00
Luke Taylor
a207acf7cb
SEC-999: Fix broken test which was failing due to use of incorrect authentication object.
2008-11-05 01:09:14 +00:00
Luke Taylor
56141e9c5f
SEC-999: Refactoring out specific dependencies on Spring EL into SecurityExpressionHandler.
...
SEC:1023: Updates to expression root to allow evaluationof permissions.
2008-11-04 23:30:56 +00:00
Luke Taylor
dabb719456
SEC-1023: Add hasPermission() support to SecurityExpressionRoot
...
http://jira.springframework.org/browse/SEC-1023 . PermissionEvaluator interface for use by expressions when evaluating hasPermisson() expressions.
2008-11-04 22:46:21 +00:00
Luke Taylor
b42fc7221f
Upgraded to jmock 2.5.1
2008-11-04 05:37:56 +00:00
Luke Taylor
514bca669f
SEC-999: Introduced custom SecurityExpressionEvaluationContext which is responsible for lazy initialization of parameter values in the context. Also some further conversion of code using GrantedAuthority arrays.
2008-10-31 11:40:11 +00:00
Luke Taylor
ec44f2bdfe
SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections
2008-10-31 03:53:00 +00:00
Luke Taylor
e891b334e6
SEC-1009: removed additional container adapter specific code
2008-10-30 05:45:13 +00:00
Luke Taylor
09cc58d7ac
SEC-1009: removed additional container adapter specific code
2008-10-30 05:44:38 +00:00
Luke Taylor
3521af4cae
Added missing test class.
2008-10-30 04:32:22 +00:00
Luke Taylor
a7d046357b
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
2008-10-30 04:10:54 +00:00
Luke Taylor
c7abdadc06
SEC-999: Moved caching from AbstractFallbackMethodDefinitionSource to DelegatingMethodDefinitionSource, to allow ExpressionBasedMethodDefinitionSource to take advantage of it. The latter no-longer uses the fallback approach as it requires its own strategy to combine annotations which may be defined at method-on-class, class, method-on-interface or interface level.
2008-10-28 06:37:04 +00:00
Luke Taylor
f2ec8c978a
Moved MethodDefinitionSource to standalone class.
2008-10-27 21:51:58 +00:00
Luke Taylor
f592357c27
SEC-999,SEC-1013: removed ConfigAtributeDefinition from ObjectDefinitionSource and implementations. Modified el-authz to allow methods which use an annotation without explicitly specifying a PreAuthorize condition
2008-10-27 09:04:22 +00:00
Luke Taylor
5174693c64
SEC-999: Expression language based access decision support
...
http://jira.springframework.org/browse/SEC-999 . Added missing test class.
2008-10-24 00:57:52 +00:00
Luke Taylor
4aa32f7d06
SEC-999: First commit of expression-based authorization implementation
2008-10-24 00:38:36 +00:00
Luke Taylor
91c44a47fd
SEC-999: Added spel-annotations to newly created 2.5 schema file.
...
http://jira.springframework.org/browse/SEC-999
2008-10-21 05:54:42 +00:00
Luke Taylor
b031124f61
SEC-991: Removed deprecated getAttributes() method from LdapUserDetails interface
2008-10-17 05:12:11 +00:00
Luke Taylor
b589f78918
SEC-954: Deprecate AbstractMethodDefinitionSource
2008-10-17 01:06:21 +00:00
Luke Taylor
c947d42146
SEC-1010: Moved TestingAuthenticationProvider and token to main core src tree and updated poms to match
2008-10-15 06:35:11 +00:00
Luke Taylor
6c8a82fa13
Updated poms to Spring 2.5 and fixed up sandbox to work with latest build
2008-10-15 05:52:40 +00:00
Luke Taylor
7cc0965383
SEC-1001: Move core tiger code into core and adjust pom files
2008-10-03 15:23:31 +00:00
Luke Taylor
97381fb448
SEC-974: Made getExceptionMappings() protected.
2008-10-01 16:25:20 +00:00
Luke Taylor
4542f00b14
SEC-975: Namespace security syntax does not interpret properties
...
http://jira.springframework.org/browse/SEC-975 . Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
2008-09-12 19:06:53 +00:00
Luke Taylor
5e4634d216
Minor Javadoc improvement.
2008-09-12 14:57:21 +00:00
Luke Taylor
d291def963
Removed invalid comment.
2008-09-12 10:18:40 +00:00
Luke Taylor
df59cb9dcd
Import cleaning.
2008-09-11 14:41:00 +00:00
Luke Taylor
ef0389ae79
SEC-976: Removed checks for presence of core-tiger classes.
2008-09-11 14:37:55 +00:00
Luke Taylor
5b9bb8ba54
[maven-release-plugin] prepare for next development iteration
2008-09-05 19:04:22 +00:00
Luke Taylor
73eed2656d
[maven-release-plugin] prepare release spring-security-parent-2.0.4
2008-09-05 18:57:43 +00:00
Luke Taylor
8661e17df9
OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors
...
http://jira.springframework.org/browse/SEC-960 . Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
2008-09-05 13:49:38 +00:00
Luke Taylor
5102be3a59
SEC-971: getter for cookieName in AbstractRememberMeServices
...
http://jira.springframework.org/browse/SEC-971 . Added getCookieName() method.
2008-09-04 16:05:34 +00:00
Luke Taylor
4e2d6f8b2e
SEC-967: TextUtils.java does not escape ampersand character
...
http://jira.springframework.org/browse/SEC-967 . Added escaping of '&' character
2008-08-29 12:01:45 +00:00
Luke Taylor
d781deffe7
OPEN - issue SEC-966: Consider adding escapeXml attribute to security:authentication
...
http://jira.springframework.org/browse/SEC-966 . Added escaping of rendered text as default.
2008-08-26 16:21:29 +00:00
Luke Taylor
a4e4120443
SEC-963: LDAP Group Search Root
...
http://jira.springframework.org/browse/SEC-963 . Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.
2008-08-26 13:51:01 +00:00
Luke Taylor
83868a7334
SEC-955: ability to externalize port mapping for secured channel to a property file
...
http://jira.springframework.org/browse/SEC-955 . Changed schema to make port-mapping type xsd:string to allow placeholders.
2008-08-26 13:20:01 +00:00
Luke Taylor
150f3d97d0
SEC-832: NamingEnumeration.hasMore fails on MS AD with PartialResultException
...
http://jira.springframework.org/browse/SEC-832 . Changed searchForSingleEntry method to ignore PartialResultException, similar to Spring LDAP's approach.
2008-08-26 12:49:37 +00:00
Luke Taylor
7f28a8bc5d
Refactored DefaultLdapAuthoritiesPopulator to remove contextSource field and setter method.
2008-08-26 12:38:02 +00:00
Luke Taylor
1cfd886517
SEC-922: Spring Security should respect Spring XML boolean operators for AJ pointcut
...
http://jira.springframework.org/browse/SEC-922 . Added method to substitute boolean operators "and, not, or" with aspectj versions "&&, !, ||".
2008-08-18 23:31:14 +00:00
Luke Taylor
bb457e1d07
SEC-957: logger.debug without guard causing massive performance hit
...
http://jira.springframework.org/browse/SEC-957 . Added debug logging guard as requested.
2008-08-18 18:20:48 +00:00
Luke Taylor
09cf90258f
SEC-758: Both AspectJSecurityInterceptor and AspectJAnnotationSecurityInterceptor not usable with @AspectJ notation
...
http://jira.springframework.org/browse/SEC-758 . Added "throws Throwable" to AspectJAnnotationCallback signature.
2008-08-18 14:47:28 +00:00
Luke Taylor
e15d7a78cd
SEC-956: Remove MapBasedMethodDefinitionSource.lookupAttributes
...
http://jira.springframework.org/browse/SEC-956 . Done.
2008-08-18 13:13:18 +00:00
Luke Taylor
3bf5e406b7
SEC-936: NPE in AbstractFallbackMethodDefinitionSource
...
http://jira.springframework.org/browse/SEC-936 . Changed to check if the value of MethodInvocation.getThis() is null to prevent NPE. MapBasedMethodDefinitionSource now ignores calls to findAttributes() with a null target class (all its entries require a class) and the fallback option in AbstractFallbackMethodDefinitionSource is used if the targetClass is null (i.e. Method.getDeclaringClass() will be used as the Class)
2008-08-16 02:31:36 +00:00
Luke Taylor
55d357f42d
OPEN - issue SEC-905: <protect-pointcut /> pointcuts do not respect method arguments
...
http://jira.springframework.org/browse/SEC-905 . Added extra registration method to MapBasedMethodDefinitionSource which takes a Method instance rather than the method name.
2008-08-12 17:11:38 +00:00
Luke Taylor
d9ab0758ee
SEC-954: Removed test dependency on AbstractMethodDefinitionSource.
2008-08-12 17:08:55 +00:00
Luke Taylor
36b35e3b1f
CLOSED - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Fixed autoboxing issue.
2008-08-11 21:15:09 +00:00
Luke Taylor
39a656eb78
OPEN - issue SEC-953: Query string isn't ignored while url - filterchain pattern matching
...
http://jira.springframework.org/browse/SEC-953 . Added stripQueryStringFromUrls parameter to FilterChainProxy which works the same as the one on DefaultFilterInvocationDefinitionSource. This defaults to true when used with ant path matching.
2008-08-11 19:15:33 +00:00
Luke Taylor
b6dec19e90
SEC-932: Added supplied class and test class.
2008-08-11 16:36:01 +00:00
Luke Taylor
3ab9fcdcaf
Tidying.
2008-08-11 15:05:16 +00:00
Luke Taylor
3a9eb018ba
SEC-950: Added test to attempt to reproduce problem.
2008-08-08 15:41:14 +00:00
Luke Taylor
b3a23b4377
Some minor improvements to schema comments
2008-08-07 19:15:13 +00:00
Luke Taylor
25814d341d
Tidying.
2008-08-06 16:18:05 +00:00
Luke Taylor
e951c42c2b
Improved javadoc. Some tidying up.
2008-08-06 15:28:04 +00:00
Luke Taylor
7258d30e13
Reinstated missing author tag and some minor tidying (de-jalopying). Removed unused logger.
2008-08-06 13:41:01 +00:00
Luke Taylor
3ee3591feb
SEC-947: Added check on "before" and "after" values to make sure they don't overflow when decremented/incremented respectfully.
2008-08-05 23:26:01 +00:00
Luke Taylor
1af7eed433
SEC-883: RoleHierarchyVoter
...
http://jira.springframework.org/browse/SEC-883 . Added RoleHierarchyVoter and deprecated existing approach. Also moved TestingAuthenticationToken to test package structure.
2008-08-04 13:08:03 +00:00
Luke Taylor
54ac7b3e46
SEC-935: Updated schema to include OpenID filter name. Also updated some doc comments and added default schema name (spring-security.xsd) to schemas.
2008-08-01 12:51:31 +00:00
Luke Taylor
3049b933d9
Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML
2008-07-31 21:35:29 +00:00
Luke Taylor
1d96283876
Removed commented out line.
2008-07-31 20:45:25 +00:00
Luke Taylor
d7926f3557
SEC-943: Forgot to commit tests.
2008-07-31 20:30:56 +00:00
Luke Taylor
e5d86b13b7
SEC-941: Embedded ldap-server uses hard-coded ldap url for importing ldif files
...
http://jira.springframework.org/browse/SEC-941 . Changed LdapUtils.parseRootDnFromUrl to use URI.getRawPath() so the returned root value still contains the escaping. I think this should be Ok.
2008-07-31 19:50:08 +00:00
Luke Taylor
67e5afbb79
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Updated Javadoc.
2008-07-31 15:56:37 +00:00
Luke Taylor
000bb1cbed
OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...)
...
http://jira.springframework.org/browse/SEC-881 . Added test class.
2008-07-31 15:42:04 +00:00
Luke Taylor
243c4f22d4
OPEN - issue SEC-899: GrantedAuthorityImpl.compareTo should handle null roles
...
http://jira.springframework.org/browse/SEC-899 . Changed to return -1 when compared to custom auhority which returns null from getAuthority()
2008-07-31 13:01:22 +00:00
Luke Taylor
d4c105d8ba
OPEN - issue SEC-934: security:intercept-url throws NPE if defined twice with the same url
...
http://jira.springframework.org/browse/SEC-934 . Added log warning when the same url is used multiple times.
2008-07-30 15:03:47 +00:00
Luke Taylor
f6ff958411
Renamed rnc file.
2008-07-30 11:05:44 +00:00
Luke Taylor
4bb3eb12c3
SEC-933: global-method-security and aop:aspectj-autoproxy throws NullPointerException in some situations
...
http://jira.springframework.org/browse/SEC-933 . Removed the setting of the attributeSource field from the interceptor in MethodDefinitionSourceAdvisor as this was overwriting the version supplied with the constructor with null (causing the NPE).
Also implemented lazy initialization of the authentication provider list from the bean factory in a custom NamespaceAuthenticationManager (extends ProviderManager and introspects the BeanFactory when getProviders() is first called). This should prevent the perennial problem of the eager initialization of UserDetailsService and other beans when the interceptor is eagerly initialized by something like aspectj-autoproxy.
2008-07-30 11:01:23 +00:00
Luke Taylor
f453264bde
SEC-909: custom remember me services doesn't get registered as logout handler
...
http://jira.springframework.org/browse/SEC-909 . HttpSecurityBeanDefinitionParser now passes the resolved RememberMeServices bean name to the LogoutBeanDefinitionparser so that it an use it explicitly.
2008-07-15 18:22:53 +00:00
Luke Taylor
1ddc033fe5
SEC-903: Wrong attribute mapping when using jdbc-user-service bean
...
http://jira.springframework.org/browse/SEC-903 . Corrected property name set by JdbcUserServiceBeanDefinitionParser (was setting authorities query rather than groups one).
2008-07-15 16:43:57 +00:00
Luke Taylor
e303e8b71a
SEC-924: Implement automatic injection of namespace created RememberMeServices into custom AbstractProcessingFilter based beans.
...
http://jira.springframework.org/browse/SEC-924 . Delayed setting of NullRememberMeServices in AbstractProcessingFilter until afterPropertiesSet method is called, allowing the null value to be read by the namespace and the confgiured RememberMeServices bean injected.
2008-07-15 14:52:13 +00:00
Luke Taylor
bf5896600e
OPEN - issue SEC-913: SwitchUserProcessingFilter modifies the switchFailureUrl member variable on failure
...
http://jira.springframework.org/browse/SEC-913 . Applied patch as suggested (use sendRedirect method for failure URL).
2008-07-15 13:42:30 +00:00
Luke Taylor
b4c63db680
SEC-921: Improved messages_zh_CN.properties for Chinese
...
http://jira.springframework.org/browse/SEC-921 . Added contributed file.
2008-07-15 11:11:21 +00:00
Luke Taylor
a56c13fb22
SEC-912: Added callback methods to BasicProcessingFilter for successful and unsuccessful authentication.
2008-07-12 17:40:39 +00:00
Luke Taylor
697c7c5f48
SEC-918: Added more info on DB schema to javadoc
2008-07-12 15:21:24 +00:00
Luke Taylor
6d179122d3
SEC-916: Added Spanish messages contribution.
2008-07-10 15:32:01 +00:00
Luke Taylor
2cda6242c8
SEC-904: Moved multi-threaded tests into sandbox
2008-07-02 19:19:21 +00:00
Luke Taylor
479693ced7
SEC-900: Added extra checks on expiry time
2008-07-02 18:40:55 +00:00
Luke Taylor
775a6c3939
[maven-release-plugin] prepare for next development iteration
2008-06-23 14:10:35 +00:00
Luke Taylor
87d50aecce
[maven-release-plugin] prepare release spring-security-parent-2.0.3
2008-06-23 14:05:36 +00:00